The world’s most stable upstream Linux distro has just announced a point upgrade on its latest Debian 9 Stretch release. The latest version is 9.3, it comes with many corrections and improvements on the security front as well as some adjustments to cater for some other serious issues. The point release is not a new version of Debian 9 but only updates are added, so users do not need to throw away the old installation media as users can easily upgrade to an up-to-date system using an updated mirror.

The Internet of Things isn't just a buzzword, it's a reality that's expanded rapidly since we last published a review article on home automation tools in 2016. In 2017, 26.5% of U.S. households already had some type of smart home technology in use; within five years that percentage is expected to double.

With an ever-expanding number of devices available to help you automate, protect, and monitor your home, it has never been easier nor more tempting to try your hand at home automation. Whether you're looking to control your HVAC system remotely, integrate a home theater, protect your home from theft, fire, or other threats, reduce your energy usage, or just control a few lights, there are countless devices available at your disposal.

Q4OS is a small GNU/Linux distribution based on the latest Debian GNU/Linux operating system and built around the Trinity Desktop Environment (TDE). It's explicitly designed to make the Microsoft Windows to Linux transition accessible and more straightforward as possible for anyone.

Dubbed Debonaire, the new desktop theme uses dark-ish elements for the window titlebar and panel. Somehow it resembles the look and feels of the acclaimed Arc GTK+ theme, and it makes the Q4OS operating system more modern than the standard look offered by the Trinity Desktop Environment.

Emmabuntüs recently released a video where they explain the goals and reasons of the project, current achievements and show people who really use this operating system. You can also see the members of the project live.

The U.S. Commerce Department's National Institute of Standards and Technology (NIST) has issued the second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity—also known as the Cybersecurity Framework. The American National Standards Institute (ANSI) encourages all relevant stakeholders to submit draft comments to NIST by the deadline on Friday, January 19, 2018.

VLC 3.0 is something we've been looking forward to for years and it's looking like that big multimedia player update could be released very soon.

Thanks to Phoronix reader Fran for pointing out that VLC 3.0 release candidates have begun to not much attention. VLC 3.0 RC1 was tagged at the end of November and then on Tuesday marked VLC 3.0 RC2 being tagged, but without any official release announcements.

A new major release is available of Cryptsetup, the user-space utility for dealing with the DMCrypt kernel module for setting up encrypted disk volumes.

Cryptsetup 2.0.0 is notable in that it introduces support for the new on-disk LUKS2 format but still retaining support for LUKS(1). The LUKS2 format is security hardened to a greater extent, more extensible than LUKS, supports in-place upgrading from LUKS, and other changes.

There is no doubt Facebook is one of the most popular and dynamic social network platform in the modern Internet era. It has revolutionized technology, social networking, and the future of how we live and interact. With Facebook, We can connect, communicate with one another, instantly share our memories, photos, files and even money to anyone, anywhere in the world. Even though Facebook has its own official messenger, some tech enthusiasts and developers are developing alternative and feature-rich apps to communicate with your buddies. The one we are going to discuss today is Caprine. It is a free, elegant, open source, and unofficial Facebook messenger desktop app built with Electron framework.

It turns out that if firing up KDE's KWin Wayland compositor without XWayland support, it can start up so fast that it causes problems.

Without XWayland for providing legacy X11 support to KDE Wayland clients, the KWin compositor fires up so fast that it can cause a crash in their Wayland integration as KWin's internal connection isn't even established... Yep, Wayland compositors are much leaner and cleaner than the aging X Server code-base that dates back 30+ years, granted most of the XWayland code is much newer than that.

IWD is a lightweight daemon for managing WiFi devices via a D-Bus interface and has been in development since 2013 (but was only made public in 2016) and just depends upon GCC / Glibc / ELL (Embedded Linux Library).

The Cloud Native Computing Foundation, home of the Kubernetes open-source community, grew wildly this year. It welcomed membership from industry giants like Amazon Web Services Inc. and broke attendance records at last week’s KubeCon + CloudNativeCon conference in Austin, Texas. This is all happy news for Kubernetes — the favored platform for orchestrating containers (a virtualized method for running distributed applications). The technology needs all the untangling, simplifying fingers it can get.

This is also why most in the community are happy to tamp down their competitive instincts to chip away at common difficulties. “You kind of have to,” said Michelle Noorali (pictured), senior software engineer at Microsoft and co-chair of KubeCon + CloudNativeCon North America & Europe 2017. “These problems are really hard.”

Network slicing is poised to play a pivotal role in the enablement of 5G. The technology allows operators to run multiple virtual networks on top of a single, physical infrastructure. With 5G commercialization set for 2020, many are wondering to what extend network functions virtualization (NFV) and software-defined networking (SDN) can help move network slicing forward.

Juniper Networks has announced its intent to move the codebase for OpenContrail, an open-source network virtualisation platform for the cloud, to the Linux Foundation. OpenContrail provides both software-defined networking (SDN) and security features and has been deployed by various organisations, including cloud providers, telecom operators and enterprises to simplify operational complexities and automate workload management across diverse cloud environments.

Juniper Networks plans to move the codebase for its OpenContrail open-source network virtualization platform for the cloud to the Linux Foundation, broadening its efforts to drive more software innovations into the broader IT and service provider community.

The vendor is hardly a novice in developing open source platforms. In 2013, Juniper released its Contrail products as open sourced and built a user and developer community around the project. To drive its next growth phase, Juniper expanded the project’s governance, creating an even more open, community-led effort.

The annual Open Source Jobs Report from Dice and The Linux Foundation reveals a lot about prospects for open source professionals and hiring activity in the year ahead. In this year’s report, 86 percent of tech professionals said that knowing open source has advanced their careers. Yet what happens with all that experience when it comes time for advancing within their own organization or applying for a new roles elsewhere?

Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.1, the world’s leading enterprise Linux platform, has achieved an additional Common Criteria Certification. Enhancing the existing Evaluation Assurance Level 4+ certification announced in October 2016, this certification was under the General-Purpose Operating System Protection Profile (OSPP) 3.9. Red Hat Enterprise Linux was the first operating system to be Common Criteria-certified with Linux Container Framework Support, underscoring Red Hat’s commitment to delivering hardened and more secure IT innovations like Linux containers.

As of December 12, 2017, the Fedora 25 Linux operating system is no longer supported and it won't receive further updates or security patches as it reached end of life.

Fedora 25 Linux was released last year on November 22, and will be remembered as the first release of the GNU/Linux distribution to adopt the next-generation Wayland display server by default for its Workstation edition using the acclaimed GNOME desktop environment.

Fedora Project usually provides updates for each Fedora Linux release until a month after the second succeeding version of the operating system is released. Fedora 25 received thirteen months of support, and now that Fedora 27 Linux is out as of November 14, 2017, users need to upgrade.

In contrast, asynchronous decision-making, which is often used in large open source projects—for example, at the Apache Software Foundation (ASF), where I'm most active—provides an efficient way for teams to move forward with minimal meetings. Many open source projects involve only a few meetings each year (and some none at all), yet development teams consistently produce high-quality software.

Dana Lewis kickstarted the Open Artificial Pancreas System (previously) by trying to solve her own problems with monitoring her glucose levels, calculating insulin doses, and administering them around the clock -- an onerous task that her life depended on, which disrupted her sleep and challenged her to make reliable calculations regarding dangerous substances while her blood-sugar levels were troughing or spiking.

An open-source LTE shield equipped with SIMCOM’s SIM7000-series modules combined with the latest LTE CAT-M technology has been created by Hackaday member Timothy Woo to enable Arduino users to easily connect low-power Internet of Things devices to next-generation cellular technology!

While you might be thinking about the ways to get rid of the secret (flawed) ME chip Intel puts insider its processors, the silicon giant has announced their plans to prevent the ME chip from getting hacked in the future.

We live in the era of gig economies and e-commerce, where supply chains are evolving before our eyes due in part to the speed of technological innovation. All transportation and logistics services are under pressure to deliver highly analytic data-rich solutions in addition to freight. The challenge to gain advantage through information technology systems, let alone to remain competitive, is often met through “homegrown” proprietary IT solutions in addition to those many options available on the market.

Developing proprietary IT systems, whether for core operating systems or customer-facing applications, can be a costly endeavor and therefore the speed and cost of development tend to be areas of concern. Most IT systems today contain what is known as open source software because using open source is generally much more cost-effective than developing entirely from scratch. While using open source software is advantageous in some ways, it also carries certain risks that must be navigated in order to achieve and protect the full potential of a homegrown system.

Canonical announced on Wednesday the availability of officially certified FIPS 140-2 cryptographic packages for the long-term supported Ubuntu 16.04 LTS (Xenial Xerus) operating system series through its Cryptographic Module Validation Program.

Level 1 FIPS 140-2 cryptographic packages can now be purchased for your Ubuntu 16.04 LTS operating system through Canonical's Ubuntu Advantage service or as a separate, standalone product. Ubuntu Advantage subscribers can already find the FIPS-compliant modules in the Ubuntu Advantage private archive if they use Ubuntu 16.04 LTS (Xenial Xerus) on their PCs.

Not only are Ubuntu developers working towards demoting Python 2 on their Linux distribution but they are also working on being able to demote the GTK2 tool-kit from the main archive to universe followed by its eventual removal in the future.

Matthias Klose is hoping to organize more work towards this slow demotion process of GTK2 and ideally to get some of the issues cleared up ahead of the Ubuntu 18.04 Long-Term Support release in April.

SparkyLinux developers have released the SparkyLinux 4.7 operating system for ARMhf hardware architectures supported on Raspberry Pi single-board computers.

This is the first release of the Debian-based SparkyLinux operating system to come to the tiny Raspberry Pi SBCs, most probably supporting both Raspberry Pi 2 and Raspberry Pi 3 single-board computers. The ARMhf port of SparkyLinux was in development for the last couple of months.

Based on the latest Debian GNU/Linux 9 "Stretch" operating system, SparkyLinux 4.7 for ARMhf includes all the Raspberry Pi scripts and packages, and it's distributed in two flavors, a graphical version using the lightweight Openbox window manager and a text-based Lite edition that lets you customize the OS as you see fit.

With yesterday's release of the Radeon Software Adrenalin driver for Windows, it actually picks up a feature that is roughly similar to something the open-source Radeon driver stack - and all of the Mesa's Gallium3D drivers for that matter - have offered for years.

Following yesterday's excitement around the Radeon Software Adrenalin Driver as well as word of AMD open-sourcing their Linux driver and making other Linux driver changes, AMD's GPUOpen team has announced the release of a new version of Radeon GPU Profiler.

During last week's Snapdragon Technology Summit, a few references to "Vulkan2" were dropped... Well, here's the official comment from Khronos on that as well as my thoughts on this hypothetical next version of Vulkan.

Several Phoronix readers have pointed out (e.g.) references to "Vulkan2" in the context of the new Snapdragon 845 SoC announced at this year's Snapdragon Technology Summit. The Snapdragon 845 with Adreno 630 does mention "Vulkan2" support.

Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use.

That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi.

As Arnaboldi wrote in his Black Hat Europe paper [PDF]: “software developers may unknowingly include code in an application that can be used in a way that the designer did not foresee. Some of these behaviors pose a security risk to applications that were securely developed according to guidelines.”

Despite the criticism it received in the United States and in the United Kingdom, Kaspersky continues to be one of the leading security vendors for Windows users across the world, with its software protecting millions of systems powered by Microsoft’s OS.

But it turns out that some of those whose computers were running the Windows 10 Fall Creators Update and Kaspersky Internet Security 2018 have been hit by a bug causing a Blue Screen of Death (BSOD) since earlier this month.

BornCity reveals that the issue first appeared earlier this month when some users complained of a BSOD on Windows 10 build 16299.98, which indicates that these systems were running the latest version of the OS with cumulative update KB4051963.

The attack can compromise a website’s RSA encryption by decrypting the data using the private key of the TLS server. It was possible because of the vulnerability present in the RSA algorithm used in SSL protocol, exploited by Bleichenbacher.

In his keynote at OpenStack Summit in Australia, Jonathan Bryce (Executive Director of the OpenStack Foundation) stressed on the meaning of both “Open” and “Stack” in the name of the project and focused on the importance of collaboration within the OpenStack ecosystem.

OpenStack has enjoyed unprecedented success since its early days. It has excited the IT industry about applications at scale and created new ways to consume cloud. The adoption rate of OpenStack and the growth of its community exceeded even the biggest open source project on the planet, Linux. In its short life of 6 years, OpenStack has achieved more than Linux did in a similar time span.

So, why does OpenStack need to redefine the meaning of the project and stress collaboration? Why now?

“We have reached a point where the technology has proven itself,” said Mark Collier, the CTO of the OpenStack Foundation. “You have seen all the massive use case of OpenStack all around the globe.”

Brian Fox is a titan of open source software. As the first employee of Richard Stallman’s Free Software Foundation, he wrote several core GNU components, including the GNU Bash shell. Now he’s a board member of the National Association of Voting Officials and co-founder of Orchid Labs, which delivers uncensored and private internet access to users like those behind China’s firewall. We talked to him about his career and how he works.

The Gumstix RoomSense is a USB dongle board that can detect room occupancy using passive infrared (PIR) technology and report on temperature, humidity, and barometric conditions. The board can be customized in the Gumstix Geppetto online development service, which was used to design it in the first place. Geppetto users can “customize specifications online by changing processors or adding GPS and sensors as needed,” says Gumstix.

More in Tux Machines

Debian-Based Q4OS Linux Distro to Get a New Look with Debonaire Desktop Theme

Q4OS is a small GNU/Linux distribution based on the latest Debian GNU/Linux operating system and built around the Trinity Desktop Environment (TDE). It's explicitly designed to make the Microsoft Windows to Linux transition accessible and more straightforward as possible for anyone.
Dubbed Debonaire, the new desktop theme uses dark-ish elements for the window titlebar and panel. Somehow it resembles the look and feels of the acclaimed Arc GTK+ theme, and it makes the Q4OS operating system more modern than the standard look offered by the Trinity Desktop Environment.

today's leftovers

Emmabuntüs recently released a video where they explain the goals and reasons of the project, current achievements and show people who really use this operating system. You can also see the members of the project live.

The U.S. Commerce Department's National Institute of Standards and Technology (NIST) has issued the second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity—also known as the Cybersecurity Framework. The American National Standards Institute (ANSI) encourages all relevant stakeholders to submit draft comments to NIST by the deadline on Friday, January 19, 2018.

VLC 3.0 is something we've been looking forward to for years and it's looking like that big multimedia player update could be released very soon.
Thanks to Phoronix reader Fran for pointing out that VLC 3.0 release candidates have begun to not much attention. VLC 3.0 RC1 was tagged at the end of November and then on Tuesday marked VLC 3.0 RC2 being tagged, but without any official release announcements.

A new major release is available of Cryptsetup, the user-space utility for dealing with the DMCrypt kernel module for setting up encrypted disk volumes.
Cryptsetup 2.0.0 is notable in that it introduces support for the new on-disk LUKS2 format but still retaining support for LUKS(1). The LUKS2 format is security hardened to a greater extent, more extensible than LUKS, supports in-place upgrading from LUKS, and other changes.

There is no doubt Facebook is one of the most popular and dynamic social network platform in the modern Internet era. It has revolutionized technology, social networking, and the future of how we live and interact. With Facebook, We can connect, communicate with one another, instantly share our memories, photos, files and even money to anyone, anywhere in the world. Even though Facebook has its own official messenger, some tech enthusiasts and developers are developing alternative and feature-rich apps to communicate with your buddies. The one we are going to discuss today is Caprine. It is a free, elegant, open source, and unofficial Facebook messenger desktop app built with Electron framework.

It turns out that if firing up KDE's KWin Wayland compositor without XWayland support, it can start up so fast that it causes problems.
Without XWayland for providing legacy X11 support to KDE Wayland clients, the KWin compositor fires up so fast that it can cause a crash in their Wayland integration as KWin's internal connection isn't even established... Yep, Wayland compositors are much leaner and cleaner than the aging X Server code-base that dates back 30+ years, granted most of the XWayland code is much newer than that.

NetworkManager now has support for Intel's lean "IWD" WiFi daemon.
IWD is a lightweight daemon for managing WiFi devices via a D-Bus interface and has been in development since 2013 (but was only made public in 2016) and just depends upon GCC / Glibc / ELL (Embedded Linux Library).

Linux Foundation: Servers, Kubernetes and OpenContrail

The Cloud Native Computing Foundation, home of the Kubernetes open-source community, grew wildly this year. It welcomed membership from industry giants like Amazon Web Services Inc. and broke attendance records at last week’s KubeCon + CloudNativeCon conference in Austin, Texas. This is all happy news for Kubernetes — the favored platform for orchestrating containers (a virtualized method for running distributed applications). The technology needs all the untangling, simplifying fingers it can get.
This is also why most in the community are happy to tamp down their competitive instincts to chip away at common difficulties. “You kind of have to,” said Michelle Noorali (pictured), senior software engineer at Microsoft and co-chair of KubeCon + CloudNativeCon North America & Europe 2017. “These problems are really hard.”

Network slicing is poised to play a pivotal role in the enablement of 5G. The technology allows operators to run multiple virtual networks on top of a single, physical infrastructure. With 5G commercialization set for 2020, many are wondering to what extend network functions virtualization (NFV) and software-defined networking (SDN) can help move network slicing forward.

Juniper Networks has announced its intent to move the codebase for OpenContrail, an open-source network virtualisation platform for the cloud, to the Linux Foundation. OpenContrail provides both software-defined networking (SDN) and security features and has been deployed by various organisations, including cloud providers, telecom operators and enterprises to simplify operational complexities and automate workload management across diverse cloud environments.

Juniper Networks plans to move the codebase for its OpenContrail open-source network virtualization platform for the cloud to the Linux Foundation, broadening its efforts to drive more software innovations into the broader IT and service provider community.
The vendor is hardly a novice in developing open source platforms. In 2013, Juniper released its Contrail products as open sourced and built a user and developer community around the project. To drive its next growth phase, Juniper expanded the project’s governance, creating an even more open, community-led effort.

The annual Open Source Jobs Report from Dice and The Linux Foundation reveals a lot about prospects for open source professionals and hiring activity in the year ahead. In this year’s report, 86 percent of tech professionals said that knowing open source has advanced their careers. Yet what happens with all that experience when it comes time for advancing within their own organization or applying for a new roles elsewhere?